Sometimes code, security, transit, other projects.

Blog

Shared signing keys for SAML identity providers is a commonly-overlooked vulnerability that matters more in the real world than other SAML issues.
Replacing SMTP email from servers with a simple logging tool.
The process (and pitfalls) of upgrading a U2F-supporting website to WebAuthn, with demonstration code.
Modifying low-level Chrome OS settings so that I don't have to change the region settings from Canadian English to US English every time I log in.
Building a wifi-accessible garage door opener on an embedded Linux system out of spare parts.
An attempt at building a visualization of Caltrain train lateness, foiled by messy data and a hard-to-operate web scraper.